  
  
  package examples.authorization;
  
  import java.security.*;
  import java.util.*;
  
  import javax.sip.*;
Implements the HTTP digest authentication method.

Author(s):
M. Ranganathan
Marc Bednarek
 
 
     // Authentication scheme name; the value is "Digest".
     public static final String DEFAULT_SCHEME = "Digest";

     // Default domain value: the loopback address, so only meaningful for a local example.
     public static final String DEFAULT_DOMAIN = "127.0.0.1";

     // Digest algorithm name. MD5 is what the original HTTP Digest scheme specifies, but it is
     // a weak hash by current standards; RFC 7616 adds SHA-256 based variants.
     public static final String DEFAULT_ALGORITHM = "MD5";

     // NOTE(review): public, static and not final, so any code in the JVM can reassign the
     // realm at runtime. Presumably the fallback realm for headers that carry none; the
     // listing lost the tokens that would confirm this.
     public static String DEFAULT_REALM = "nist.gov";

     // Package-private instance field holding a literal user name.
     String USER_AUTH = "auth";

     // Package-private instance field holding a literal password.
     // NOTE(review): a hard-coded secret shared by every user is acceptable only in example
     // code; a deployed server would look up a per-user secret (or a stored H(A1)) instead.
     String PASS_AUTH = "pass";

     // Digest instance kept for the lifetime of this object.
     // NOTE(review): MessageDigest is stateful and not thread-safe; confirm that one
     // authenticator instance is never used from several threads at once.
     private MessageDigest messageDigest;

    
to hex converter
 
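     // Lookup table from a 4-bit value (0-15) to its lowercase hexadecimal digit.
     // The element separators were lost in the listing and are restored here.
     private static final char[] toHex = { '0', '1', '2', '3', '4', '5', '6',
             '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };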

    
Default constructor.
 
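     /**
      * Creates the authenticator and obtains the message digest it hashes with.
      *
      * <p>The listing lost the assignment target and the {@code getInstance} argument;
      * {@code messageDigest} is the only {@code MessageDigest} field in the class and
      * {@code DEFAULT_ALGORITHM} the only algorithm name, so those are restored here.
      *
      * @throws IllegalStateException if the platform does not provide the algorithm
      */
     public DigestServerAuthenticationMethod() {
         try {
             messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
         } catch (NoSuchAlgorithmException ex) {
             // Fail closed: printing the error and continuing would leave messageDigest
             // null, and every later authentication attempt would fail with a
             // NullPointerException instead of a clear configuration error.
             throw new IllegalStateException(
                     "Algorithm not found " + DEFAULT_ALGORITHM, ex);
         }
     }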
 
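     /**
      * Encodes a byte array as lowercase hexadecimal, two characters per byte.
      *
      * @param b the bytes to encode
      * @return a string of length {@code 2 * b.length}
      */
     public static String toHexString(byte b[]) {
         char[] c = new char[b.length * 2];
         int pos = 0;
         for (byte value : b) {
             // byte is signed and >> sign-extends, so mask down to the nibble after shifting.
             c[pos++] = toHex[(value >> 4) & 0x0F];
             c[pos++] = toHex[value & 0x0F];
         }
         return new String(c);
     }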

    
Initialize
 
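     /**
      * Prints the configured realm to standard output; performs no other set-up.
      *
      * <p>The listing lost the {@code System.out} receiver and the value appended to the
      * message; {@code DEFAULT_REALM} is the only realm defined in the class.
      */
     public void initialize() {
         System.out.println("DEBUG, DigestAuthenticationMethod, initialize(),"
                 + " the realm is:" + DEFAULT_REALM);
     }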

    
Get the authentication scheme

Returns:
the scheme name
 
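     /**
      * Returns the authentication scheme name.
      *
      * @return {@code DEFAULT_SCHEME}; the returned identifier was lost in the listing and
      *         is restored from the class constants
      */
     public String getScheme() {
         return DEFAULT_SCHEME;
     }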

    
get the authentication realm

Returns:
the realm name
 
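     /**
      * Returns the authentication realm.
      *
      * @param resource not consulted; the same realm is returned for every resource
      * @return {@code DEFAULT_REALM}; the returned identifier was lost in the listing and
      *         is restored from the class constants
      */
     public String getRealm(String resource) {
         return DEFAULT_REALM;
     }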

    
get the authentication domain.

Returns:
the domain name
 
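     /**
      * Returns the authentication domain.
      *
      * @return {@code DEFAULT_DOMAIN}; the returned identifier was lost in the listing and
      *         is restored from the class constants
      */
     public String getDomain() {
         return DEFAULT_DOMAIN;
     }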

    
Get the authentication Algorithm

Returns:
the algorithm name (i.e. Digest).
 
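    /**
     * Returns the name of the digest algorithm.
     *
     * @return {@code DEFAULT_ALGORITHM}, whose value is "MD5"; the returned identifier was
     *         lost in the listing and is restored from the class constants
     */
    public String getAlgorithm() {
        return DEFAULT_ALGORITHM;
    }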

    
Generate the challenge string.

Returns:
a generated nonce.
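    /**
     * Generates the nonce for a digest challenge: the hex digest of the current time in
     * milliseconds concatenated with a random 64-bit pad.
     *
     * <p>NOTE(review): nothing in this method records the nonce or gives it an expiry, and
     * the visible authentication code does not check that a received nonce was issued by
     * this server. Confirm where replayed responses are rejected.
     *
     * @return the nonce as a lowercase hexadecimal string
     */
    public String generateNonce() {
        long time = System.currentTimeMillis();
        // java.util.Random is seeded from the clock and its output can be reconstructed
        // from a few observed values, which would make challenges predictable. The pad
        // must come from a cryptographically strong source.
        long pad = new SecureRandom().nextLong();
        String nonceString = Long.toString(time) + Long.toString(pad);
        // The input is only digits and a sign, so the platform default charset is harmless here.
        byte[] mdbytes = messageDigest.digest(nonceString.getBytes());
        // Convert the digest bytes into a hex string.
        return toHexString(mdbytes);
    }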

    
Check the response and answer true if authentication succeeds. We are making simplifying assumptions here and assuming that the password is available to us for computation of the MD5 hash. We also don't cache authentications, so the user has to authenticate on each registration.

Parameters:
user is the username
authHeader is the Authorization header from the SIP request.
requestLine is the SIP Request line from the SIP request.
Throws:
SIPAuthenticationException is thrown when authentication fails or message is bad
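    /**
     * Checks the digest response carried in an Authorization header.
     *
     * <p>Computes {@code H(H(A1) ":" nonce [":" cnonce] ":" H(A2))} with
     * {@code A1 = username ":" realm ":" password} and {@code A2 = METHOD ":" uri}, and
     * compares the result with the response sent by the client.
     *
     * <p>Tokens lost in the listing are restored from the class members: the parameter
     * separator in the signature, {@code System.out}, {@code messageDigest},
     * {@code DEFAULT_REALM} as the fallback realm and {@code PASS_AUTH} as the password
     * (presumably; it is the only password value in the class).
     *
     * <p>NOTE(review), not changed here:
     * <ul>
     * <li>the nonce is not checked against nonces this server issued, so a captured
     *     response can be replayed unless that is handled elsewhere;</li>
     * <li>the uri taken from the header is not compared with the request URI;</li>
     * <li>when qop is in use, RFC 2617 also places nc and qop in the hashed string; only
     *     cnonce is appended here;</li>
     * <li>header values are written to the log unescaped, so a client can place line
     *     breaks or misleading text in it.</li>
     * </ul>
     *
     * @param user fallback user name, used when the header carries none
     * @param authHeader the Authorization header from the SIP request
     * @param request the SIP request being authenticated
     * @return true only when the client's response equals the locally computed digest
     */
    public boolean doAuthenticate(String user, AuthorizationHeader authHeader,
            Request request) {
        String realm = authHeader.getRealm();
        String username = authHeader.getUsername();

        if (username == null) {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "WARNING: userName parameter not set in the header received!!!");
            username = user;
        }
        if (realm == null) {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "WARNING: realm parameter not set in the header received!!! WE use the default one");
            realm = DEFAULT_REALM;
        }

        System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                + "Trying to authenticate user: " + username + " for "
                + " the realm: " + realm);

        String nonce = authHeader.getNonce();
        // A response without a nonce cannot be valid; reject it rather than hashing "null".
        if (nonce == null) {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "ERROR: nonce parameter not set in the header received!");
            return false;
        }

        // There must be a URI parameter in the authorization header.
        URI uri = authHeader.getURI();
        if (uri == null) {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "ERROR: uri paramater not set in the header received!");
            return false;
        }

        // The password, H(A1) and the expected response are deliberately not logged.
        // H(A1) is password-equivalent for this realm, and the expected response would let
        // anyone who can read the log answer the challenge.
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), username:"
                + username + "!");
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), realm:"
                + realm + "!");
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), uri:"
                + uri + "!");
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), nonce:"
                + nonce + "!");
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), method:"
                + request.getMethod() + "!");

        String A1 = username + ":" + realm + ":" + PASS_AUTH;
        String A2 = request.getMethod().toUpperCase() + ":" + uri.toString();

        // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII user
        // name or realm hashes differently from one host to another.
        String HA1 = toHexString(messageDigest.digest(A1.getBytes()));
        String HA2 = toHexString(messageDigest.digest(A2.getBytes()));
        System.out.println("DEBUG, DigestAuthenticationMethod, doAuthenticate(), HA2:"
                + HA2 + "!");

        String cnonce = authHeader.getCNonce();
        String KD = HA1 + ":" + nonce;
        if (cnonce != null) {
            KD += ":" + cnonce;
        }
        KD += ":" + HA2;
        String mdString = toHexString(messageDigest.digest(KD.getBytes()));

        String response = authHeader.getResponse();
        // A missing response is a failed authentication, not a NullPointerException.
        // MessageDigest.isEqual compares in constant time, so the time taken does not
        // reveal how many leading characters of a guessed response were correct.
        boolean authenticated = response != null
                && MessageDigest.isEqual(
                        mdString.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        response.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        if (authenticated) {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "User authenticated...");
        } else {
            System.out.println("DEBUG, DigestAuthenticateMethod, doAuthenticate(): "
                    + "User not authenticated...");
        }
        return authenticated;
    }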